一个SQL查询操作的方法

import java.sql.*;public class Test {  public static void main(String[] args) throws Exception {    Class.forName("org.sqlite.JDBC");    Connection conn =      DriverManager.getConnection("jdbc:sqlite:test.db");    Statement stat = conn.createStatement();    stat.executeUpdate("drop table if exists people;");    stat.executeUpdate("create table people (name, occupation);");    PreparedStatement prep = conn.prepareStatement(      "insert into people values (?, ?);");    prep.setString(1, "Gandhi");    prep.setString(2, "politics");    prep.addBatch();    prep.setString(1, "Turing");    prep.setString(2, "computers");    prep.addBatch();    prep.setString(1, "Wittgenstein");    prep.setString(2, "smartypants");    prep.addBatch();    conn.setAutoCommit(false);    prep.executeBatch();    conn.setAutoCommit(true);    ResultSet rs = stat.executeQuery("select * from people;");    while (rs.next()) {      System.out.println("name = " + rs.getString("name"));      System.out.println("job = " + rs.getString("occupation"));    }    rs.close();    conn.close();  }}
------解决方案--------------------
不好意思，对具体操作并不熟悉，只是对SQL有所了解而已。

大致类似于：
public String getPhoneByName(String pName) {
String sql = "Select phonenumber From TABLENAME Where name='" + pName + "'";
String phonenumber;
if (mDataBase == null) {
 return 0;
}

Cursor cursor = db.rawQuery(sql, null);  
while (cursor.moveToNext()) {  
 phonenumber = cursor.getString(0); //获取第一列的值,第一列的索引从0开始  
}  
cursor.close();  
db.close();  
return phonenumber;
}


参考下吧：
http://www.javaask.com/mobile/android/2011/1116/9180.html
------解决方案--------------------
Cursor c = mDataBase.rawQuery(sql, null);
if(c.moveToFirst()){
 for(int i=0;i!=c.getCount();i++){
   c.move(i);
   phonenumber = c.getString(0);
 }
}
------解决方案--------------------
安卓上面注入漏洞，这个好玩。
不过说实在的，要是PHONENUMBER由用户输入还真可能存在。